This Privacy Policy provides you with information on the use of your data when using V2X technology if your vehicle is equipped with the V2X technology and the V2X technology is active. You will also find information on data processing in your vehicle for purposes other than V2X in the Privacy Policy for using the mobile online services (We Connect, VW Connect).
You can view the current version of the Privacy Policies at any time at https://consent.vwgroup.io/consent/v1/texts/weconnect/gb/en/dataprivacy/latest/html (We Connect) and https://consent.vwgroup.io/consent/v1/texts/weconnect/gb/en/dataprivacycar2x/latest/html (V2X).
Responsible for processing the data in connection with the V2X technology installed in your vehicle is
Volkswagen AG
Berliner Ring 2
38440 Wolfsburg
entered in the register of companies at Braunschweig District Court under HRB 100484 (“Volkswagen AG”)
Your vehicle is equipped with V2X technology. If you activate the V2X technology, your vehicle can exchange important road traffic information, for example about accidents or traffic jams, with other road users or traffic infrastructure if they also support V2X technology. This makes your participation in road traffic even safer. When you log into the vehicle for the first time, you must check whether the V2X setting is right for you and you can deactivate V2X manually as needed.
Communication takes place directly between your vehicle and other road users or the traffic infrastructure within a close range of approximately 200 m to 800 m. This range can vary depending on the environment, such as in tunnels or in the city.
To provide the V2X technology, certain basic functions of your vehicle are used which also process personal data.
In order to ensure secure communication with your vehicle and allow you to use all the services and functions you purchased or additionally booked for your vehicle, the vehicle identification number (VIN) and the IP address of your vehicle and the time stored in it are compared with our database. To protect your identity and your data, the VIN is pseudonymised as far as is possible. The processing of this data takes place on the basis of our legitimate interest in being able to offer you services and functions while preventing the use of them by unauthorised persons. The legal basis for processing is section 6(1)(f) of the General Data Protection Regulation– (“GDPR”).
The data is processed on servers of the following processors according to our instructions:
WirelessCar Sweden AB
Vädursgatan 6
412 50 Gothenburg
Sweden
Amazon Web Services, Inc. (“AWS”)
410 Terry Av. North
Seattle WA 98109
United States
At AWS, data is encrypted in accordance with agreements concluded with us and processed exclusively on data servers located in the EU. Because AWS is based in the United States of America, EU-compliant guarantees for data processing in non-EU countries have been concluded with AWS to ensure that your personal data is adequately protected.
We also use various IT service providers. These assist us with maintenance and technical support. Insofar as they have access to your personal data, they process it only on our behalf and in accordance with our instructions. We have concluded order processing contracts with them in accordance with section 28 of the GDPR to ensure that your data is processed according to our high standards of security.
V2X can assist you in the following situations:
The V2X function scans the range described above around your vehicle in order to inform you of relevant local hazards. To do this, driving information from other V2X users is received and analysed. For example, if a vehicle travelling in front initiates emergency braking and sends this information via V2X, your vehicle can display a warning message. Please note that your vehicle does not perform automatic driving interventions due to such warnings. In other words, it does not automatically initiate emergency braking, for example.
The V2X technology can supplement your vehicle's predictive sensor system (e.g. radar and camera systems) and detect traffic situations even more quickly to give you more time to react to them. With more precise information about a traffic situation, adaptive cruise control, for example, can respond to a tail end of a traffic jam in conjunction with the cruise control system and automatically adjust the speed. Other functions, such as manual lane change assistance, are also improved.
Further V2X functions may be developed in future. We will inform you separately about data processing in connection with new V2X functions.
If you activate the V2X technology, it continuously sends general traffic information to other V2X users (e.g. other vehicles, infrastructure) and allows them to evaluate the current traffic situation. The following data is transmitted for this: information about the V2X transmitter (temporary ID, type), vehicle information (vehicle dimensions), driving information (acceleration, geographical position, direction of movement, speed), information from vehicle sensors (yaw rate, cornering, light status, pedal status and steering angle) and route (waypoints, i.e. positioning data, of the last 200 m to 500 m driven).
The activated V2X technology also transmits additional data to other V2X users when certain events occur. In particular, these events include a vehicle stopping, breakdowns, accidents, interventions by an active safety system and the tail end of traffic jams. The data is only transmitted when these events occur. The following data is additionally transmitted: event information (type of event, time of event and time of message, geographical position, event area, direction of movement) and route (waypoints, i.e. positioning data, of the last 600 m to 1,000 m driven).
The data sent to other V2X users is pseudonymised. This means that you are not displayed as the sender of the information to other V2X users.
Volkswagen AG does not have access to this data and does not store it.
In order to prevent misuse during V2X communication, V2X information is signed with a pseudonymised certificate before it is transmitted. The signatures allow the receiving V2X system to verify whether a V2X message is authentic, i.e. sent by a legitimated V2X transmitter, and that it has not been manipulated. To assign a unique certificate to your V2X system, the VIN of your vehicle is used and transmitted to a V2X server. This way, V2X technology can be provided with pseudonymised certificates. The V2X server is operated on behalf of Volkswagen AG by NEXUS Technology GmbH, Carl-Zeiss-Straße 2, 76275 Ettlingen. To further improve the security of your data, new certificates are issued to your V2X system at regular intervals.
The data transmitted during access to the V2X server is stored together with the control unit certificate, the VIN and the initial parameters for the generation of the certificate for 5 years and will then be erased automatically.
For the statistical analysis of the distribution of V2X technology in Europe, the VIN and the registration date of the vehicle on the backend for the V2X technology are read from the IT backend. The data is stored on an internal VW server for 5 years and will then be erased automatically.
During service appointments, vehicle-specific information will be read out from your vehicle and the maintenance history of the Volkswagen systems will be documented. To exclude safety related hazards, the registration behaviour of vehicles is analysed in the backend. Anomalies during this analysis may require a review of the vehicle history to prevent potential functional restrictions or attacks on the V2X system. This analysis requires the use of the VIN. The data will not be stored outside of the history. Volkswagen AG will only review the data in case of an error or failure.
If a failure of or an attack on the V2X system is identified, the VIN from which a potential attack has originated will be excluded from the use of the V2X system. In this case, no further certificates will be provided for the identified VIN and the VIN will be blocked at the backend.
Blocked VINs from which an attack originated will be stored on an internal VW server for five years and marked as blocked VINs. Volkswagen AG will reactivate the V2X if this is explicitly requested by the customer and the proper use of the V2X technology has been verified.
Your data is processed in order to provide the V2X technology and to support road safety in the interest of you and other road users. The VIN and date of initial registration of the vehicle on the backend for V2X technology are collected for statistical analyses. Using the collected data, it is ensured that the registration is functioning smoothly overall and that there are no global system malfunctions.
The legal basis for data processing is the protection of legitimate interests (section 6(1)(f) GDPR).
To protect your privacy when using V2X, as little of your data as possible is processed, and is only transmitted to Volkswagen AG for issuing certificates for your V2X system.
With regard to the data processed by Volkswagen AG, you have the following rights, if the legal prerequisites are met, and you can exercise these rights against Volkswagen AG at any time, free of charge. More information on asserting your rights can be found at https://datenschutz.volkswagen.de.
You have the right to obtain information from us about the processing of your personal data.
You have the right to have incorrect or incomplete personal data concerning you rectified by us.
You have the right to demand the erasure of your data if the prerequisites stated in section 17 of the General Data Protection Regulation (GDPR) are met. According to this, you can request, for example, that your data is erased if it is no longer necessary for the purposes for which it was collected. In addition, you can request erasure if we process your data on the basis of your consent and you withdraw this consent.
You have the right to demand a restriction of processing of your data if the prerequisites stated in section 18 GDPR are met. This is the case, for example, if you dispute the accuracy of your data. You can request restriction of processing for the period during which the accuracy of the data is being checked.
You have the right to receive your data in a structured, commonly used and machine-readable format and to transmit this data to another data processor, provided that data processing is based on consent or contract fulfilment and that automated processing methods are also used.
Where data processing is based on your consent, you have the right to withdraw that consent with future effect at any time free of charge.
You also have the right to lodge a complaint about our processing of your data with a supervisory authority (e.g. the Data Protection Officer for the State of Lower Saxony).
The V2X messages exchanged between your vehicle and other road users or traffic infrastructure are not transmitted to or stored by Volkswagen AG. Please note that for this reason, we cannot grant you a right to access, rectification, erasure or data portability with regard to your V2X data. If you no longer want to exchange data with other V2X participants, you can deactivate the V2X technology (B. III. and IV.) of your vehicle at any time in the privacy settings under “V2X Technology”. Your vehicle also remembers the most recent setting for future trips if you are a registered user. If you use the vehicle as an anonymous guest, the V2X technology is activated if you select “Online” mode. V2X can only be deactivated separately in the privacy settings under “V2X Technology”. If you start as an anonymous guest in “Offline” mode, V2X remains deactivated. You can change the activation of V2X in the privacy settings at any time under “V2X Technology”. Certificate updates and data processing for technical availability do not take place if you change your vehicle to offline mode in the privacy settings.
The contact persons for exercising your rights and further information on data protection can be found on the following website: https://datenschutz.volkswagen.de.
The Data Protection Officer of Volkswagen AG is available for you as a contact person on any matters related to data protection:
Data Protection Officer at Volkswagen AG
Berliner Ring 2, 38440 Wolfsburg, Germany
dataprivacy@volkswagen.de
Status of the displayed information:
Privacy Policy [December 2023]
You can view the latest version of the Privacy Policy at any time at https://consent.vwgroup.io/consent/v1/texts/weconnect/gb/en/dataprivacycar2x/latest/html.